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INVENTORS: Peter Bendel, Thomas Schaeck, and Roland Weber 



;;0 SPECIFICATION 

m Method and Apparatus for Controlling 

□ Access to the Contents of Web Pages 

by Using a Mobile Security Module 

□ 5 The present invention relates to a method and an apparatus for 

controlling access to the contents of web pages by using mobile 
security modules and in particular chip cards. 

The internet, i.e. the World Wide Web, has become a new 
information-disseminating and business medium. The increasing 
10 commercialization of the internet is constantly giving rise to 

ideas for new types of business which can be transacted over the 
DFQ-1 QQQ-OOFift 



internet. Even today, the internet user can perform virtually all 
the commercial transactions involved in ordinary everyday life over 
the internet. In the business world too the internet has become an 
indispensable tool. Companies use the internet both for developing 
5 and for marketing their products. 

However, there are also dangers to these opportunities offered by 
the internet. To an increasing extent, even confidential 
information is being exchanged between clients and servers over the 
internet. This is particularly true of the exchange of confidential 
10 knowhow. The client and the server therefore need to be sure that 
I access to the confidential information is impossible while it is 

I being transmitted over the internet. As well as this it must also 

| be ensured that the authenticity of the receiver of the 

i confidential information can be relied on. Finally, more and more 

:|15 providers of web servers are starting to restrict access to web 
; contents, i.e. are permitting access only in return for the input 

I of a user ID and password. In the prior art there are certain 

;l methods which have become established of guaranteeing authenticity 

between client and server and of ensuring that no unauthorized 
20 access is possible during transmission. 

Prior art 
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Where access to web pages is restricted by means of a user ID and 
password, the browser is told that this is the case and it then 
opens a dialog box to allow a user ID and/or a password to be 
entered. Once the user ID and password have been entered, the 
5 browser sends them to the web server and if they are correct the 
latter opens access to the web pages . 

A disadvantage of this method lies in the allotting and management 
of the user ID's and passwords and the possibility thereby created 
that the user ID'S and passwords may be misused by unauthorized 
10 persons or may be listened in on by such persons when they are 
,p being transmitted from the client to the web server. 

m l n an improved method the web server stores the client's TCP/IP 

jjj address in a table. The TCP/IP address is thus considered to be 

^ authorized. A disadvantage of this method is that the TCP/IP 

; s ;|15 address of the authorized client can be replaced by another TCP/IP 
]Z address belonging to an unauthorized client if the unauthorized 

^ client has covertly found out the user ID and password. When this 

is the case the unauthorized person can still again access to the 

web server. 

20 SSL (secure socket layer) is a transmission protocol for the secure 
transmission of information. Contemporary browsers largely support 
this protocol. Browsers which support SSL contain a database 
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holding certificates for public keys. Each public key is certified 
by a certificate issued by a recognized certification center. The 
protected-access web server contains a private key, with one public 
key being assigned to each such private key. For the public key in 
5 question, there is also a certificate on the web server. 

The web server sends the certificate to the client. The certificate 
comprises the public key, identity data and a signature. The 
signature was generated by the web server by means of the private 
key. The client checks the validity of the certificate by reference 
10 to the certificates held in store and generates a signature by 

using an encryption algorithm and the public key. If the signature 

m in the certificate is the same as the signature generated, the 

rn server has authenticated itself. 

The same method can also be used to authenticate the client. 

;^15 In this case too it is essential for the client to have a private 
W key and a certificate. 

The private key must be protected against access. Therefore it must 
not be stored on the client's hard disk. As an alternative to this 
the private key can be stored on a card. What is a disadvantage in 
20 this case however is that the card has to be capable of performing 
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a public key procedure and to do this it requires a cryptographic 
co-processor. This however makes the card expensive. 

To provide a secure channel for communications, the SSL protocol 
makes it possible for the information for transmission to be 
5 encrypted by means of a session key on which the client and the web 
server have agreed. The session key is a symmetrical key. It is 
used to encrypt the information which is going to be transmitted. 

The object of the present invention is to provide a method and an 
apparatus which avoid the disadvantages, as outlined above, of the 
: .J310 prior art for achieving authentication between client and server. 

ff\ This object is achieved by means of the features described in 

in claims 1, 15, 17, 18 and 20. Other advantageous embodiments of the 

□I present invention are described in the subclaims. 

;IJ The main advantage of the present invention lies in the fact that 

; ^15 the control of access to web pages in accordance with the invention 
does not require any changes to existing browsers. Also, the use of 
a chip card increases the security of the method of authentication 
employed in the present case. 

The present invention will be described by reference to a preferred 
20 embodiment and to drawings, in which 
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Fig.l shows the components on which the present invention is 

based/ and 

Fig. 2 shows the method according to the invention for 

authentication and access control. 

5 Fig.l shows the components for implementing the present invention. 
Installed on the client side there are a data-processing unit with 
a browser, a card reader and a mobile security module, e.g. a chip 
card. The browser is capable of displaying HTML pages and of 
running applets in its virtual machine (JVM = Java virtual 

10 machine) . Applets are programs written in the Java programming 

language which are downloaded from the web server together with the 
web page. The function which the applets perform is to communicate 
with the chip card, e.g. by using APDU' s (= application protocol 
data units) . To communicate with the card, the applet requires a 

15 program library. This is necessary because communication is not one 
of the browser's standard functions. The chip card needs to be 
capable of calculating a cryptographic checksum or generating a 
digital signature by means of a key. The key is located in a 
protected area of the chip card. In addition to this, the 

20 individual number of the card is preferably also stored on it. 

On the server side there is a web server or data-processing unit 
which can handle HTTP requests from the client (an HTTP server) . 



The server is also capable of calling up not only static HTML pages 
but also programs (CGI = common gateway interface) or servlets. 
Servlets are programs written in Java which are used on web 
servers. The function which the servlets perform in the present 
5 invention is to verify the cryptographic checksum (or digital 

signature) generated on the client's side and thus to warrant the 
authenticity of the client to the web server. 

The web server may have a protected area which is only accessible 
via an access control and an unprotected area to which access can 
10 be gained without access control. 

The client and web server are connected via a data-carrying 
connection, e.g. the internet or an intranet, and communicate by 
means of a standard transmission protocol, e.g. TCP/IP. 

To obtain a further increase in the security of the method, 
15 according to the invention, against snooping, SSL (secure sockets 
layer) is proposed as the transmission protocol. 

The procedural sequence for the method according to the invention 
of controlling access to protected web pages on a web server is 
shown in detail in Fig. 2. The method according to the invention 
20 comprises the following steps: 



1. By entering a URL (uniform resource locator) , the client 
requests a protected web page on a web server (HTTP request for 
page X) . This request from the client causes a servlet to be 
started on the web server. By referring to a list, the servlet 
5 checks whether the URL contains a valid session ID as a parameter. 
A session ID is a prerequisite for access to a protected web page. 
If the session ID is included in the list, the process continues as 
detailed in step 10 below. If it is not (if this is an initial 
contact), authentication begins as detailed in step 2. 

10 2 . The servlet sends to the client an authentication page which 

:.f| contains an authentication applet. The authentication applet is 

;j| parametrized with a random number which was generated by the 

i§\ servlet and with the URL address of the page originally requested 

(HTTP request for page X) . The authentication applet is preferably 

^15 stored in the client's volatile memory and run or activated by the 

; s? : browser. 



3 . The applet asks the user to identify himself by means of a 
chip card and initiates communication with the chip card, 
preferably by means of APDU's. The applet transmits the random 

20 number to the chip card. 

4. Using a key which is stored in the protected area on the chip 
card, the card calculates a cryptographic checksum or digital 
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signature from the random number and its own card number. The 
checksum/digital signature and the card number are sent back to the 
applet . 

5. The applet then makes a connection to the servlet on the web 
5 server and passes this data to the servlet. 

6 . The servlet checks to see whether the cryptographic 
checksum/ signature is correct using a key which matches the chip 
card. Where the encryption process is symmetrical, the servlet is 
in possession of the same key; where it is asymmetrical, the 

10 servlet is in possession of the public key. 

a) If the check sum does not agree, the servlet sends a negative 
answer to the applet. The applet shows the user an error message. 

b) If the checksum is correct, the servlet generates a unique 
session ID from a large range of values to prevents its being 

15 discovered by a targeted search made by an unauthorized person. 

The session ID is preferably provided with an expiry date and is 
entered in the servlet 's list of valid session ID'S. The session ID 
shows that the user in question is an authorized user for all 
requests within the session. The session ID loses its validity 
20 when : 



a fixed period has expired, 

the session is terminated by means of a log-off page. 

7. The session ID is transmitted by the servlet to the applet. 
The applet preferably confirms the successful authentication. 

5 8. At the end of step 7 of the method, the applet has the 
following information available to it: 

the URL address for page X, as originally requested, from step 
3 

i.g - the session ID from step 7. 

g|10 From this information the applet generates a new URL, with the new 
m URL comprising the original address and the session ID, and 

r*! transmits it to the browser. The applet has thus completed its 

Z\ duties. 

9. The browser requests the web page in question from the web 
15 server. 

10. The request for page X causes the servlet to be called up in 
the server. The servlet checks for the presence of the session ID 
in the URL as described in step 1. If the session ID is present, 
the servlet checks to see whether it is contained in the list and, 
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if it is, to see whether a validity date, if it has one, has 
expired. 

If all the requirements for access are satisfied, the web page 
requested is loaded into the memory of the web server and 
5 processed. In the course of the processing, the web page in 

question is searched for any links to other web pages located in 
the area to which access is controlled. If any links of this kind 
are found, the user's session ID is added to them. It is preferable 
for an additional link for terminating the session, which also 
10 contains the session ID, to be inserted at the end of the page 
=.y which was called up (see step 13) . 

ffi 11. The servlet transmits the page, with the modified links, to 

\fl the client. 

'"[I 12. If, on the page displayed, the user follows a link which 

;Zl5 points to the protected area, this link will already include the 
session ID needed for authentication and this page will therefore 
be transmitted to the client without any renewed authentication as 
in step 2 et seq. 

13. Events which specifically terminate the session and cause the 
20 session ID to be lost are: 
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selection of the link for logging off (see step 10) 

expiry of the period of time for which a session ID has been 

allotted. 

14. The servlet receives the log-off request from step 13 and 
5 deletes the session ID contained in the log-off request from the 

list of valid session ID'S. The servlet preferably confirms to the 
user that the session is over. 
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CLAIMS 



1 1. Method for controlling access to protected contents on a 

2 server, the method requiring the following components to be 

3 present : 

4 a) a server 

5 b) a client 

6 c) a reader for a mobile security module 

7 d) a security module having at least one protected area for 
;jg 8 storing a key 

ill 9 e) a data line for communications between client and server 

frilO characterized by the following steps: 

aa) sending to the server of a request to call up protected- 
;^12 access contents 

13 bb) sending from the server to the client of an 

14 authentication module to be run in the client 

15 cc) execution of an authentication protocol for 

16 authenticating the mobile security module and, where 
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appropriate, its holder by means of the authentication 
module 



dd) if the authentication in step cc) was successful, 

addition to the request in step aa) of a session ID which 
was generated in the course of the communications between 
the authentication module and the server 

ee) sending of the new request to the server application 

ff) checking of the session ID in the request to see that it 
is recorded in the server 

gg) processing of the content requested for transmission and 
searching of the content for further links to other 
protected-access contents 

hh) addition of the session ID to the links identified 

ii) sending of the content modified as in step hh) to the 
client . 

Method according to claim 1, characterized in that the server 
is a web server and the protected contents are web pages which 
are called up via a browser by a URL request from a client. 



Method according to claim 1, characterized in that the 
authentication protocol is executed in the followed steps: 

jj) generation of a random number by the server application 
when the content requested is access -protected and the 
requirements for access have not been satisfied, and 
sending of the random number to the authentication module 

kk) sending of the random number from the authentication 
module to the mobile security module 

11) generation in the mobile security module of a digital 

signature which takes account of the identity number of 
the mobile security module, the random number and the key 
of the mobile security module 

mm) sending of the digital signature to the server 

nn) checking of the correctness of the digital signature 
using the security module of the server. 

Method according to claim 2, characterized in that the server 
application is a servlet and the client authentication module 
is an authentication applet and in that on receipt of a URL 



4 request the servlet checks the URL request for the presence of 

5 a session ID and if there is no session ID present sends an 

6 authentication applet containing a random number to the 

7 client. 

1 5. Method according to claim 1, characterized in that the 

2 communications between client and server take place via SSL 

3 (secure sockets layer) as the transmission protocol. 

1 6. Method according to claim 4, characterized in that the 

2 authentication applet communicates with the servlet by 

3 internet or intranet using the TCP/IP protocol. 

1 7. Method according to claim 3, characterized in that the digital 

2 signature is generated by means of a symmetrical encryption 

3 algorithm with the help of a secret key agreed between client 

4 and server, or by means of an asymmetrical encryption 

5 algorithm with the help of a private key, the server being in 

6 possession of the public key. 

1 8. Method according to claim 7, characterized in that the 

2 symmetrical encryption algorithm is DES or triple DES and the 

3 asymmetrical encryption algorithm is RSA, DSA or an elliptic 

4 curve algorithm. 



1 9. Method according to claim 4, characterized in that if the 

2 digital signature does not agree, the servlet sends an error 

3 message to the client applet. 

1 10. Method according to claim 1, characterized in that a session 

2 ID is generated from a large range of values to prevents its 

3 being discovered by a targeted search. 

1 11. Method according to claim 1, characterized in that the session 

2 ID shows the user to be an authorized person for all requests 

3 within a specified session. 

1 12. Method according to claim 1, characterized in that the session 

2 ID is given a period of validity. 

1 13. Method according to claim 12 , characterized in that the 

2 session ID loses its validity on expiry of a fixed time or 

3 when a session is terminated by means of a log-off page. 

1 14. Method according to claim 1, characterized in that the session 

2 ID generated in step dd) is recorded in a table and in that 

3 the presence of an entry in the table is a requirement for 

4 access to all the protected-access pages. 
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1 15. Method according to claim 14, characterized in that when the 

2 validity of a session ID expires or when a session is 

3 terminated by means of a log-off page the session ID is 

4 deleted from the table. 

1 16. Apparatus comprising at least the following components: 

2 a) client comprising at least: 

3 aa) a browser 

4 bb) a computer software product for executing steps aa) , cc) , 

5 dd) and ee) of the method according to claim 1 
Jpjj 6 cc) reader for a mobile security module 

7 b) server comprising at least: 

! a « 8 aa) a computer software product for executing steps bb) , f f ) , 

9 gg) , hh) and ii) of the method according to claim 1 

^flO c) a communications connection between client and server. 

1 17. Apparatus according to claim 16, characterized in that the 

2 server is a web server and in that the communications 

3 connection between client and web server is made by internet 

4 or intranet . 

1 18. Web server comprising at least: 
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2 a) a non-volatile memory for storing web pages 

3 b) a computer software product for executing steps bb) , ff ) , 

4 gg) / hh) and ii) of the method according to claim 1 

1 19. Web server according to claim 18, characterized in that a 

2 security module for performing step nn) of the method 

3 according to claim 1 is also provided. 

1 20. Client comprising at least: 

2 aa) a browser 

'II 3 bb) a computer software product for executing steps aa) , cc) , 

4 dd) and ee) of the method according to claim 1. 

m 1 21. Client according to claim 20, also comprising: 

\V\ 2 a) chip card reader for a mobile security module 

m 3 b chip card having a non- volatile, protected memory 

: ^ 4 containing at least : 

5 aa) a card number 

6 bb) a cryptographic key. 

1 22. Computer software product which is stored in the internal 

2 memory of a digital computer, comprising items of software 
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code for executing the method according to claims 1-15 when 
the product is run on the computer. 
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ABSTRACT 



The present invention relates to an apparatus and method for 
controlling access to protected web pages on a web server by using 
a method of authentication. The method according to the invention 

5 is divided into a general method for authenticating the client and 
a downstream method for granting authorization to access the 
protected web pages by generating a session ID of which the client 
is notified after successful authentication, and by inserting the 
session ID as part of the new request. This ensures that even the 

10 links on the protected-access web page are covered and are provided 
with a session ID to serve as access authorization. The session ID 
is preferably given a validity date. The present invention fits 
into the existing browser infrastructure without any alterations 
being needed for this purpose. The use of a chip card increases the 

15 security of the method of authentication. 
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